package org.springframework.vault.config;

import java.net.URI;
import java.util.Locale;

import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.lang.Nullable;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.vault.authentication.AppIdAuthentication;
import org.springframework.vault.authentication.AppIdAuthenticationOptions;
import org.springframework.vault.authentication.AppIdUserIdMechanism;
import org.springframework.vault.authentication.AppRoleAuthentication;
import org.springframework.vault.authentication.AppRoleAuthenticationOptions;
import org.springframework.vault.authentication.AwsEc2Authentication;
import org.springframework.vault.authentication.AwsEc2AuthenticationOptions;
import org.springframework.vault.authentication.AzureMsiAuthentication;
import org.springframework.vault.authentication.AzureMsiAuthenticationOptions;
import org.springframework.vault.authentication.ClientAuthentication;
import org.springframework.vault.authentication.ClientCertificateAuthentication;
import org.springframework.vault.authentication.CubbyholeAuthentication;
import org.springframework.vault.authentication.CubbyholeAuthenticationOptions;
import org.springframework.vault.authentication.IpAddressUserId;
import org.springframework.vault.authentication.KubernetesAuthentication;
import org.springframework.vault.authentication.KubernetesAuthenticationOptions;
import org.springframework.vault.authentication.KubernetesServiceAccountTokenFile;
import org.springframework.vault.authentication.LifecycleAwareSessionManagerSupport;
import org.springframework.vault.authentication.MacAddressUserId;
import org.springframework.vault.authentication.StaticUserId;
import org.springframework.vault.authentication.TokenAuthentication;
import org.springframework.vault.client.VaultEndpoint;
import org.springframework.vault.support.SslConfiguration;
import org.springframework.vault.support.VaultToken;
import org.springframework.web.client.RestOperations;

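/**
 * Vault client configuration that is driven entirely by environment properties.
 *
 * <p>Properties read by this class:
 * <ul>
 * <li>{@code vault.uri} - Vault endpoint (required)</li>
 * <li>{@code vault.ssl.key-store}, {@code vault.ssl.key-store-password},
 * {@code vault.ssl.trust-store}, {@code vault.ssl.trust-store-password} - TLS material</li>
 * <li>{@code vault.authentication} - authentication method, defaults to {@code TOKEN}</li>
 * <li>{@code vault.token}, {@code vault.app-id.*}, {@code vault.app-role.*},
 * {@code vault.aws-ec2.*}, {@code vault.azure-msi.role}, {@code vault.kubernetes.*} -
 * per-method credentials and options</li>
 * </ul>
 *
 * <p>Several of these properties carry secrets (tokens, secret ids, key store passwords).
 * None of the error messages built here include a property value, only the property name.
 */
@Configuration
public class EnvironmentVaultConfiguration extends AbstractVaultConfiguration implements ApplicationContextAware {

    // Lazily populated by restOperations(); null until the first call.
    @Nullable
    private RestOperations cachedRestOperations;

    // Set through setApplicationContext(); needed to resolve key store / trust store resources.
    @Nullable
    private ApplicationContext applicationContext;

    /**
     * Mechanisms for deriving the AppId user id; any other configured value is used verbatim
     * as a static user id (see {@link #getAppIdUserIdMechanism(String)}).
     */
    // Decompiler note: the compiled class declares this enum package-private; the decompiler
    // widened it to public. The visibility shown in this listing is kept as-is.
    public enum AppIdUserId {
        IP_ADDRESS,
        MAC_ADDRESS
    }

    /** Authentication methods selectable through {@code vault.authentication}. */
    enum AuthenticationMethod {
        TOKEN,
        APPID,
        APPROLE,
        AZURE,
        AWS_EC2,
        CERT,
        CUBBYHOLE,
        KUBERNETES
    }

    /**
     * Returns the {@link RestOperations} created by the superclass, creating it on first use
     * and returning the same instance afterwards.
     *
     * @return the cached {@link RestOperations}
     */
    // NOTE(review): the lazy initialisation is not synchronized; presumably this is only
    // invoked during single-threaded context start-up - confirm before calling concurrently.
    @Override
    public RestOperations restOperations() {
        if (this.cachedRestOperations == null) {
            this.cachedRestOperations = super.restOperations();
        }
        return this.cachedRestOperations;
    }

    /**
     * Stores the application context locally and forwards it to the superclass.
     *
     * @param applicationContext the context this configuration runs in
     * @throws BeansException as declared by the superclass
     */
    @Override
    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        this.applicationContext = applicationContext;
        super.setApplicationContext(applicationContext);
    }

    /**
     * Builds the Vault endpoint from {@code vault.uri}.
     *
     * @return the endpoint parsed from the configured URI
     * @throws IllegalStateException if {@code vault.uri} is not set
     * @throws IllegalArgumentException if the value is not a syntactically valid URI
     *         (thrown by {@link URI#create(String)})
     */
    // NOTE(review): no scheme restriction is applied here. If VaultEndpoint.from accepts
    // http:// URIs, tokens and secrets would travel unencrypted - confirm, and require
    // https:// in deployment configuration.
    @Override
    public VaultEndpoint vaultEndpoint() {
        String uri = getProperty("vault.uri");
        if (uri == null) {
            throw new IllegalStateException("Vault URI (vault.uri) is null");
        }
        return VaultEndpoint.from(URI.create(uri));
    }

    /**
     * Builds the SSL configuration from the {@code vault.ssl.*} key store and trust store
     * properties.
     *
     * @return SSL configuration; either store is "unconfigured" when its resource property
     *         is absent
     */
    @Override
    public SslConfiguration sslConfiguration() {
        SslConfiguration.KeyStoreConfiguration keyStore =
                getKeyStoreConfiguration("vault.ssl.key-store", "vault.ssl.key-store-password");
        SslConfiguration.KeyStoreConfiguration trustStore =
                getKeyStoreConfiguration("vault.ssl.trust-store", "vault.ssl.trust-store-password");
        return new SslConfiguration(keyStore, trustStore);
    }

    /**
     * Resolves one key store (or trust store) from a resource property and an optional
     * password property.
     *
     * @param resourceProperty name of the property holding the store location
     * @param passwordProperty name of the property holding the store password
     * @return the store configuration, or an unconfigured one if no location is set
     */
    private SslConfiguration.KeyStoreConfiguration getKeyStoreConfiguration(String resourceProperty,
            String passwordProperty) {
        Resource store = getResource(resourceProperty);
        if (store == null) {
            return SslConfiguration.KeyStoreConfiguration.unconfigured();
        }
        String password = getProperty(passwordProperty);
        if (StringUtils.hasText(password)) {
            return SslConfiguration.KeyStoreConfiguration.of(store, password.toCharArray());
        }
        // No (or blank) password configured: the store is opened without one.
        return SslConfiguration.KeyStoreConfiguration.of(store);
    }

    /**
     * Selects and builds the {@link ClientAuthentication} named by {@code vault.authentication}
     * (default {@code TOKEN}). The value is upper-cased and {@code '-'} is mapped to
     * {@code '_'} before it is matched against {@link AuthenticationMethod}.
     *
     * @return the configured client authentication
     * @throws IllegalArgumentException if the value does not name an
     *         {@link AuthenticationMethod} (thrown by {@code valueOf})
     * @throws IllegalStateException if the method has no factory in this class
     */
    @Override
    public ClientAuthentication clientAuthentication() {
        // Locale.ROOT keeps the mapping stable regardless of the JVM default locale; with a
        // Turkish default locale "appid" would upper-case to "APPİD" and fail to resolve.
        String configured = getEnvironment().getProperty("vault.authentication", AuthenticationMethod.TOKEN.name());
        AuthenticationMethod method = AuthenticationMethod.valueOf(
                configured.toUpperCase(Locale.ROOT).replace('-', '_'));

        // Dispatch on the enum constant itself rather than on integer case labels, so the
        // mapping cannot drift if an unrelated numeric constant changes.
        switch (method) {
            case TOKEN:
                return tokenAuthentication();
            case APPID:
                return appIdAuthentication();
            case APPROLE:
                return appRoleAuthentication();
            case AWS_EC2:
                return awsEc2Authentication();
            case AZURE:
                return azureMsiAuthentication();
            case CERT:
                return new ClientCertificateAuthentication(restOperations());
            case CUBBYHOLE:
                return cubbyholeAuthentication();
            case KUBERNETES:
                return kubeAuthentication();
            default:
                throw new IllegalStateException(String.format("Vault authentication method %s is not supported with %s", method, getClass().getSimpleName()));
        }
    }

    /**
     * Builds token authentication from the static token in {@code vault.token}.
     *
     * @return token-based client authentication
     * @throws IllegalArgumentException if {@code vault.token} is missing or blank
     */
    protected ClientAuthentication tokenAuthentication() {
        String token = getProperty("vault.token");
        Assert.hasText(token, "Vault Token authentication: Token (vault.token) must not be empty");
        return new TokenAuthentication(token);
    }

    /**
     * Builds AppId authentication. The app id comes from {@code vault.app-id.app-id} and
     * falls back to {@code spring.application.name}; the user id mechanism is derived from
     * {@code vault.app-id.user-id}.
     *
     * @return AppId client authentication
     * @throws IllegalArgumentException if the app id or user id is missing or blank
     */
    protected ClientAuthentication appIdAuthentication() {
        String appId = getEnvironment().getProperty("vault.app-id.app-id", getProperty("spring.application.name"));
        String userId = getProperty("vault.app-id.user-id");
        Assert.hasText(appId, "Vault AppId authentication: AppId (vault.app-id.app-id) must not be empty");
        Assert.hasText(userId, "Vault AppId authentication: UserId (vault.app-id.user-id) must not be empty");
        AppIdAuthenticationOptions options = AppIdAuthenticationOptions.builder()
                .appId(appId)
                .userIdMechanism(getAppIdUserIdMechanism(userId))
                .build();
        return new AppIdAuthentication(options, restOperations());
    }

    /**
     * Builds AppRole authentication from {@code vault.app-role.role-id} and, when present,
     * {@code vault.app-role.secret-id}.
     *
     * @return AppRole client authentication
     * @throws IllegalArgumentException if the role id is missing or blank
     */
    protected ClientAuthentication appRoleAuthentication() {
        String roleId = getProperty("vault.app-role.role-id");
        String secretId = getProperty("vault.app-role.secret-id");
        Assert.hasText(roleId, "Vault AppRole authentication: RoleId (vault.app-role.role-id) must not be empty");
        AppRoleAuthenticationOptions.AppRoleAuthenticationOptionsBuilder builder = AppRoleAuthenticationOptions.builder().roleId(roleId);
        // The secret id is optional here; a blank value is treated as "not configured".
        if (StringUtils.hasText(secretId)) {
            builder = builder.secretId(secretId);
        }
        return new AppRoleAuthentication(builder.build(), restOperations());
    }

    /**
     * Maps the configured user id to a mechanism: {@code IP_ADDRESS} or {@code MAC_ADDRESS}
     * (case-insensitive) select the matching derived mechanism, anything else is used as a
     * static user id.
     *
     * @param userId the configured value of {@code vault.app-id.user-id}; must not be null
     * @return the user id mechanism for that value
     */
    protected AppIdUserIdMechanism getAppIdUserIdMechanism(String userId) {
        if (userId.equalsIgnoreCase(AppIdUserId.IP_ADDRESS.name())) {
            return new IpAddressUserId();
        }
        if (userId.equalsIgnoreCase(AppIdUserId.MAC_ADDRESS.name())) {
            return new MacAddressUserId();
        }
        return new StaticUserId(userId);
    }

    /**
     * Builds AWS EC2 authentication from {@code vault.aws-ec2.role-id} and the optional
     * {@code vault.aws-ec2.identity-document} URI.
     *
     * @return AWS EC2 client authentication
     * @throws IllegalArgumentException if the role id is missing or blank, or the identity
     *         document value is not a valid URI
     */
    protected ClientAuthentication awsEc2Authentication() {
        String role = getProperty("vault.aws-ec2.role-id");
        String identityDocument = getProperty("vault.aws-ec2.identity-document");
        Assert.hasText(role, "Vault AWS EC2 authentication: RoleId (vault.aws-ec2.role-id) must not be empty");
        AwsEc2AuthenticationOptions.AwsEc2AuthenticationOptionsBuilder builder = AwsEc2AuthenticationOptions.builder().role(role);
        // NOTE(review): the identity document location is taken from configuration; whoever
        // controls this property decides where the document is fetched from.
        if (StringUtils.hasText(identityDocument)) {
            builder.identityDocumentUri(URI.create(identityDocument));
        }
        // The same RestOperations instance is passed for both constructor arguments.
        return new AwsEc2Authentication(builder.build(), restOperations(), restOperations());
    }

    /**
     * Builds Azure MSI authentication from {@code vault.azure-msi.role}.
     *
     * @return Azure MSI client authentication
     * @throws IllegalArgumentException if the role is missing or blank
     */
    protected ClientAuthentication azureMsiAuthentication() {
        String role = getProperty("vault.azure-msi.role");
        Assert.hasText(role, "Vault Azure MSI authentication: Role (vault.azure-msi.role) must not be empty");
        AzureMsiAuthenticationOptions options = AzureMsiAuthenticationOptions.builder().role(role).build();
        return new AzureMsiAuthentication(options, restOperations());
    }

    /**
     * Builds Cubbyhole authentication using {@code vault.token} as the wrapped initial token.
     *
     * @return Cubbyhole client authentication
     * @throws IllegalArgumentException if {@code vault.token} is missing or blank
     */
    protected ClientAuthentication cubbyholeAuthentication() {
        String initialToken = getProperty("vault.token");
        Assert.hasText(initialToken, "Vault Cubbyhole authentication: Initial token (vault.token) must not be empty");
        CubbyholeAuthenticationOptions options = CubbyholeAuthenticationOptions.builder()
                .wrapped()
                .initialToken(VaultToken.of(initialToken))
                .build();
        return new CubbyholeAuthentication(options, restOperations());
    }

    /**
     * Builds Kubernetes authentication from {@code vault.kubernetes.role}. The service
     * account token is read from {@code vault.kubernetes.service-account-token-file}, or
     * from the library default path when that property is missing or blank.
     *
     * @return Kubernetes client authentication
     * @throws IllegalArgumentException if the role is missing or blank
     */
    protected ClientAuthentication kubeAuthentication() {
        String role = getProperty("vault.kubernetes.role");
        Assert.hasText(role, "Vault Kubernetes authentication: role must not be empty");
        String tokenFile = getProperty("vault.kubernetes.service-account-token-file");
        if (!StringUtils.hasText(tokenFile)) {
            tokenFile = KubernetesServiceAccountTokenFile.DEFAULT_KUBERNETES_SERVICE_ACCOUNT_TOKEN_FILE;
        }
        KubernetesAuthenticationOptions options = KubernetesAuthenticationOptions.builder()
                .role(role)
                .jwtSupplier(new KubernetesServiceAccountTokenFile(tokenFile))
                .build();
        return new KubernetesAuthentication(options, restOperations());
    }

    /**
     * Reads a property from the environment.
     *
     * @param key the property name
     * @return the property value, or {@code null} if it is not set
     */
    @Nullable
    private String getProperty(String key) {
        return getEnvironment().getProperty(key);
    }

    /**
     * Resolves the resource whose location is stored in the given property.
     *
     * @param key the property name holding a resource location
     * @return the resource, or {@code null} if the property is not set
     * @throws IllegalStateException if a location is configured but no application context
     *         has been set yet
     */
    @Nullable
    private Resource getResource(String key) {
        String location = getProperty(key);
        if (location == null) {
            return null;
        }
        // applicationContext is @Nullable; fail with a descriptive error instead of a bare
        // NullPointerException when SSL resources are requested before it has been injected.
        ApplicationContext context = this.applicationContext;
        if (context == null) {
            throw new IllegalStateException("ApplicationContext must be set before resolving resource property " + key);
        }
        return context.getResource(location);
    }
}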
